NCP Upgrade to 21.0.4 Error

Martin_Friebe · September 20, 2021, 8:48am

Support intro

Sorry to hear you’re facing problems

help.nextcloud.com is for home/non-enterprise users. If you’re running a business, paid support can be accessed via portal.nextcloud.com where we can ensure your business keeps running smoothly.

In order to help you as quickly as possible, before clicking Create Topic please provide as much of the below as you can. Feel free to use a pastebin service for logs, otherwise either indent short log examples with four spaces:

example

Or for longer, use three backticks above and below the code snippet:

longer
example
here

Some or all of the below information will be requested if it isn’t supplied; for fastest response please provide as much as you can

Nextcloud version (eg, 20.0.5): 21.0.4
Operating system and version (eg, Ubuntu 20.04): Raspbian GNU/Linux 10 (buster)
Apache or nginx version (eg, Apache 2.4.25): Apache/2.4.38 (Raspbian)
PHP version (eg, 7.4): PHP 7.3.29-1~deb10u1 (cli)

The issue you are facing:
After NCP Update to 1.39.6 it was possible to Upgrade NC to 21.04.
Upgrade was succesfully but after reboot i can not access via internet domain, only lan access is possible with bypassing security hint.

Is this the first time you’ve seen this error? (Y/N):Y

Steps to replicate it:

update NCP
Upgrade NC
access NC

The output of your Nextcloud log in Admin > Logging:



{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::info: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::info: Repair info: JS cache cleared","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::step: Repair step: Clear every generated avatar on major updates","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::step: Repair step: Add preview background cleanup job","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::step: Repair step: Queue a one-time job to cleanup old backups of the updater","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::step: Repair step: Cleanup invalid photocache files for carddav","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::step: Repair step: Add background job to cleanup login flow v2 tokens","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::step: Repair step: Remove potentially over exposing share links","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::info: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::info: Repair info: No need to remove link shares.","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::step: Repair step: Clear access cache of projects","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::step: Repair step: Reset generated avatar flag","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::step: Repair step: Keep legacy encryption enabled","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::step: Repair step: Check encryption key format","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::step: Repair step: Remove old dashboard app config data","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::step: Repair step: Add job to cleanup the bruteforce entries","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::step: Repair step: Queue a one-time job to check for user uploaded certificates","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::step: Repair step: Repair DAV shares","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"no app in context","method":"","url":"--","message":"Deprecated event type for \\OC\\Repair::step: Symfony\\Component\\EventDispatcher\\GenericEvent is used","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Repair::step: Repair step: Add background job to set the lookup server share state for users","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:42+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Updater::startCheckCodeIntegrity: Starting code integrity check...","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:56+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Updater::finishedCheckCodeIntegrity: Finished code integrity check","userAgent":"--","version":"20.0.12.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:56+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Updater::updateEnd: Update successful","userAgent":"--","version":"21.0.4.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:56+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Updater::maintenanceDisabled: Turned off maintenance mode","userAgent":"--","version":"21.0.4.1"}
{"reqId":"BEOppt7lTzxCVrYZbOF8","level":1,"time":"2021-09-20T08:05:56+00:00","remoteAddr":"","user":"--","app":"updater","method":"","url":"--","message":"\\OC\\Updater::resetLogLevel: Reset log level to Warning(2)","userAgent":"--","version":"21.0.4.1"}
{"reqId":"YUhB@Gs6pXPFUMKHZRTsQQAAkwA","level":2,"time":"2021-09-20T08:10:36+00:00","remoteAddr":"192.168.178.32","user":"--","app":"no app in context","method":"POST","url":"/login","message":"Login failed: ncp (Remote IP: 192.168.178.32)","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0","version":"21.0.4.1"}
{"reqId":"YUhCZ2s6pXPFUMKHZRTs3AAAkQk","level":2,"time":"2021-09-20T08:12:23+00:00","remoteAddr":"192.168.178.32","user":"ncp","app":"no app in context","method":"GET","url":"/settings/user/privacy","message":"Invalid privacyPolicyUrl data provided to provideInitialState by privacy","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0","version":"21.0.4.1"}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'passwordsalt' => 'x',
  'secret' => 'x',
  'trusted_domains' =>
  array (
    0 => 'localhost',
    5 => 'nextcloudpi.local',
    7 => 'nextcloudpi',
    8 => 'nextcloudpi.lan',
    11 => '95.90.x.x',
    1 => '192.168.178.x',
    3 => '3k9sldxx.myfritz.net',
    22 => '3k9sldxx.myfritz.net',
  ),
  'datadirectory' => '/mnt/hd1/nextcloud/data',
  'dbtype' => 'mysql',
  'version' => '21.0.4.1',
  'overwrite.cli.url' => 'https://3k9sldxx.myfritz.net/',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => 'ncadmin',
  'dbpassword' => 'xx',
  'installed' => true,
  'instanceid' => 'oclaqn5ofxx',
 'memcache.local' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' =>
  array (
    'host' => '/var/run/redis/redis.sock',
    'port' => 0,
    'timeout' => 0.0,
    'password' => 'xx',
  ),
  'tempdirectory' => '/mnt/hd1/nextcloud/data/tmp',
  'mail_smtpmode' => 'sendmail',
  'mail_smtpauthtype' => 'LOGIN',
  'preview_max_x' => '2048',
  'preview_max_y' => '2048',
  'jpeg_quality' => '60',
  'overwriteprotocol' => 'https',
  'maintenance' => false,
  'logfile' => '/mnt/hd1/nextcloud/data/nextcloud.log',
  'htaccess.RewriteBase' => '/',
  'theme' => '',
 'loglevel' => '2',
  'app_install_overwrite' =>
  array (
    0 => 'admin_notifications',
  ),
  'simpleSignUpLink.shown' => false,
  'log_type' => 'file',
  'mail_sendmailmode' => 'smtp',
  'mail_smtpsecure' => 'ssl',
  'mail_smtpauth' => 1,
 'mail_smtphost' => 'smtp-mail.outlook.com',
  'mail_smtpport' => '587',
  'mail_smtpname' => 'martin.xx',
  'mail_smtppassword' => 'xx',
  'trusted_proxies' =>
  array (
    11 => '127.0.0.1',
    12 => '::1',
    13 => '3k9sldxx.myfritz.net',
    14 => '95.90.x.x',

  ),
);

The output of your Apache/nginx/system log in /var/log/____:

PASTE HERE

I tried to get a new lets encrpyt via NCP Menu, looks like this was successfully but browsers (even private sessions) shows the wrong cert

new_LE_after_upgrade

Martin_Friebe · September 20, 2021, 9:23am

When calling up the LAN via 192.xxxx, the Letsypt Cert is displayed in the browser.
But when I call DNS over the Internet I get an invalid “Archlinux” Cert.

Is there an error in the config?

Incidentally, the NCP Config menu shows that LetsEncrypt is active. In the system overview of NCP, however, it says “certificates none”

Bei einem Aufruf im LAN über 192.xxxx wird im Browser das Letsencypt Cert angezeigt.
Wenn ich aber über die Internet DNS aufrufe erhalte ich ein ungültiges “Archlinux” Cert.

Ist hier ein Fehler in der Config?

Das NCP Config Menü zeigt übrigens das LetsEncrypt aktiv ist. In der Systemübersicht von NCP steht dann aber “certificates none”

devnull · September 20, 2021, 10:46am

You can Mozilla Firefox allow to use the ssl certificate.

Du kannst Mozilla Firefox eine Ausnahme erlauben, dass das Zertifikat trotzdem akzeptiert wird. Das ist im internen LAN vollkommen in Ordnung.

Martin_Friebe · September 20, 2021, 1:12pm

Hallo @devnull ,

eventuell habe ich den Fehler falsch beschrieben.
Lokal ist es mir möglich die NC Instanz aufzurufen. Über das Internet und eine Domain ist es nicht mehr möglich. Seit dem Upgrade erkennt NCP die Certificate nicht mehr. ncp

nachoparker · September 20, 2021, 9:58pm

can you share the full output from running letsencrypt either on ncp-web or sudo ncp-config? Also, please share output from

cat /etc/apache2/sites-enabled/nextcloud.conf

Martin_Friebe · September 21, 2021, 7:41am

Hello @nachoparker,

letsencrypt output:


[ letsencrypt ] (Tue Sep 21 09:42:11 CEST 2021)
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate
Running deploy-hook command: /etc/letsencrypt/renewal-hooks/deploy/ncp
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/3k9sxx.myfritz.net/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/3k9sxx.myfritz.net/privkey.pem
Your cert will expire on 2021-12-20. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Apache self check:
Syntax OK
System config value trusted_domains => 22 set to string 3k9sxx.myfritz.net
System config value trusted_domains => 3 set to string 3k9sxx.myfritz.net
System config value overwrite.cli.url set to string https://3k9sxx.myfritz.net/
System config value trusted_proxies => 11 set to string 127.0.0.1
System config value trusted_proxies => 12 set to string ::1
System config value trusted_proxies => 13 set to string 3k9sxx.myfritz.net
System config value trusted_proxies => 14 set to string 95.90.9x.xx
✓ redis is configured
✓ push server is receiving redis messages
✓ push server can load mount info from database
✓ push server can connect to the Nextcloud server
✓ push server is a trusted proxy
✓ push server is running the same version as the app
configuration saved

apache output:

cat /etc/apache2/sites-enabled/nextcloud.conf
### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVE                                                              RWRITTEN ###

<IfModule mod_ssl.c>
  <VirtualHost _default_:443>
    DocumentRoot /var/www/nextcloud
    CustomLog /var/log/apache2/nc-access.log combined
    ErrorLog  /var/log/apache2/nc-error.log
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

    # For notify_push app in NC21
    ProxyPass /push/ws ws://127.0.0.1:7867/ws
    ProxyPass /push/ http://127.0.0.1:7867/
    ProxyPassReverse /push/ http://127.0.0.1:7867/
  </VirtualHost>

  <Directory /var/www/nextcloud/>
    Options +FollowSymlinks
    AllowOverride All
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
    LimitRequestBody 0
    SSLRenegBufferSize 10486000
  </Directory>
  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15768000; includeSubDom                                                              ains"
  </IfModule>
</IfModule>

eyduh · September 21, 2021, 11:15am

Change the ssl path in the apache config to point to your certificate from letsencrypt c:
(Replace path in second quote with path from first)

This would allow you to visit at the uri in the cert name.

Martin_Friebe · September 21, 2021, 12:34pm

hello @eyduh ,

you are right, this certificate “snakeoil” look wrong.
The Apache Cert Path should be handled by NextCloudPi as far as i know?

oerkel47 · September 21, 2021, 1:57pm

Hello. I think I am facing the same problem. When I try to connect via local network ip it shows the lets encrypt cert, but when I connect via internet url it only shows a self signed certificate. It also shows certificate “none” in the ncp system info.

For me it’s unrelated to 21.0.4 though, using the up to date docker image which comes with NCP 1.39.6 and NC 20.0.4.0

nextcloud.conf:

<IfModule mod_ssl.c>
  <VirtualHost _default_:443>
    DocumentRoot /var/www/nextcloud
    CustomLog /var/log/apache2/nc-access.log combined
    ErrorLog  /var/log/apache2/nc-error.log
    SSLEngine on
    SSLProxyEngine on
    SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

    # For notify_push app in NC21
    ProxyPass /push/ws ws://127.0.0.1:7867/ws
    ProxyPass /push/ http://127.0.0.1:7867/
    ProxyPassReverse /push/ http://127.0.0.1:7867/
  </VirtualHost>

  <Directory /var/www/nextcloud/>
    Options +FollowSymlinks
    AllowOverride All
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
    LimitRequestBody 0
    SSLRenegBufferSize 10486000
  </Directory>
  <IfModule mod_headers.c>
    Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"
  </IfModule>
</IfModule>

guandalf · September 21, 2021, 3:37pm

Same here. What I have noticed is that the certificate file name created by certbot is:

/etc/letsencrypt/live/my.domain.name**-0001**/privkey.pem

This could make the difference when creating the conf file from the template?

sn2018 · September 21, 2021, 5:12pm

So what is the solution? At the top of my /etc/apache2/sites-available/nextcloud.conf, there is this warning:

“### DO NOT EDIT! THIS FILE HAS BEEN AUTOMATICALLY GENERATED. CHANGES WILL BE OVE
RWRITTEN ###”

nachoparker · September 21, 2021, 6:18pm

I think I see where the error is, can you please try the following?

sudo ncp-update devel

, then run letsencrypt again, then verify that we have the correct paths under /etc/apache2/sites-available/nextcloud.conf?

Martin_Friebe · September 22, 2021, 7:47am

hello @nachoparker ,

this works for me, after ncp update and letsencrypt renewal the apache config is set correct and the connection to nextcloud works again

Thank you!

vascocb · September 22, 2021, 10:20am

I have this error and does not start

can’t connect to push server: cURL error 7: Failed to connect to my.domain.tld port 443: Connection refused (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://my.domain.tld/push/test/cookie

vascocb · September 22, 2021, 10:29am

The path is correct but the apache server does not work

selder · September 22, 2021, 12:47pm

This fixed my LetsEncrypt cert not being applied to the .conf file as well

nachoparker · September 22, 2021, 3:19pm

great, thanks all for the confirmation. I pushed the fixes to the main branch

nachoparker · September 22, 2021, 3:21pm

As part of my fixes, I am now also taking this case into account, when the folder ends in -0001

mcjoe · September 22, 2021, 4:06pm

Lets encrypt works.The only thing that doesn’t work is that it’s not shown in the system info.
0001

nachoparker · September 22, 2021, 5:48pm

interesting, so assuming you ran letsencrypt recently, can you share the output of /etc/apache2/sites-available/nextcloud.conf (hide your actual domain)?

This is the piece of code that detects this in the system info

grep "SSLCertificateFile /etc/letsencrypt/live/" /etc/apache2/sites-available/nextcloud.conf \                                                                                                                                                                                                                       
        | sed 's|.*SSLCertificateFile /etc/letsencrypt/live/||;s|/fullchain.pem||'

, if you could run it it would be useful to diagnose